[SECURITY] Fedora 11 Update: texlive-2007-47.fc11

updates at fedoraproject.org updates at fedoraproject.org
Tue May 18 21:51:53 UTC 2010

Fedora Update Notification
2010-05-10 16:33:12

Name        : texlive
Product     : Fedora 11
Version     : 2007
Release     : 47.fc11
URL         : http://tug.org/texlive/
Summary     : Binaries for the TeX formatting system
Description :
TeXLive is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
printable file as output. Usually, TeX is used in conjunction with
a higher level formatting package like LaTeX or PlainTeX, since TeX by
itself is not very user-friendly.

Install texlive if you want to use the TeX text formatting system. Consider
to install texlive-latex (a higher level formatting package which provides
an easier-to-use interface for TeX).

The TeX documentation is located in the texlive-doc package.

Update Information:

Changes in this update:  * fixes for CVE-2010-0739 and CVE-2010-1440  * adds
missing defattr to filelists  * fixes directory ownership of
/var/lib/texmf/web2c  * uses official tarball for jpatch  * fixes post/postun

* Mon May 10 2010 Jindrich Novy <jnovy at redhat.com> 2007-47
- fix CVE-2010-0739 and CVE-2010-1440 (#584795)
- fix CVE-2010-0829 (#589607)
- add missing defattr to filelists
- fix directory ownership of /var/lib/texmf/web2c (#512459)
- use official tarball for jpatch
- fix post/postun scriptlets (#532466)
* Fri Oct 23 2009 Jindrich Novy <jnovy at redhat.com> 2007-46
- add missing dependency on kpathsea
* Thu Oct 15 2009 Jindrich Novy <jnovy at redhat.com> 2007-45
- make kpathsea not dependent on texlive
- fix lacheck again (#451513)
- fix dvips configuration (#467542)
- update kpathsea description and summary (#519257)
- use upstream patch to fix pool overflow CVE-2009-1284 (#492136)
- don't complain if the pdvipsk hunks touching config.ps don't apply

  [ 1 ] Bug #572941 - CVE-2010-0739 tetex, texlive: Integer overflow by processing special commands
  [ 2 ] Bug #586819 - CVE-2010-1440 tetex, texlive: Integer overflow by processing special commands

This update can be installed with the "yum" update program.  Use 
su -c 'yum update texlive' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list